How to check if an user is logged in Symfony2 inside a controller?


Problem description

I read here how to check the login status of a user from inside a twig template for a Symfony2-based website. However, I need to know how to check if the user is logged in from inside a controller. I was quite sure that the following code was right:

$user = $this->get('security.context')->getToken()->getUser();

but it always returns something, e.g. a logged-in user or an anonymous user.

Any idea? Thanks in advance.

Solution

Warning: Checking for 'IS_AUTHENTICATED_FULLY' alone will return false if the user has logged in using "Remember me" functionality.

According to Symfony 2 documentation, there are 3 possibilities:

IS_AUTHENTICATED_ANONYMOUSLY - automatically assigned to a user who is in a firewall protected part of the site but who has not actually logged in. This is only possible if anonymous access has been allowed.

IS_AUTHENTICATED_REMEMBERED - automatically assigned to a user who was authenticated via a remember me cookie.

IS_AUTHENTICATED_FULLY - automatically assigned to a user that has provided their login details during the current session.

Those roles represent three levels of authentication:

If you have the IS_AUTHENTICATED_REMEMBERED role, then you also have the IS_AUTHENTICATED_ANONYMOUSLY role. If you have the IS_AUTHENTICATED_FULLY role, then you also have the other two roles. In other words, these roles represent three levels of increasing "strength" of authentication.

I ran into an issue where users of our system that had used "Remember Me" functionality were being treated as if they had not logged in at all on pages that only checked for 'IS_AUTHENTICATED_FULLY'.

The answer then is to require them to re-login if they are not authenticated fully, or to check for the remembered role:

$securityContext = $this->container->get('security.authorization_checker');
if ($securityContext->isGranted('IS_AUTHENTICATED_REMEMBERED')) {
    // authenticated REMEMBERED, FULLY will imply REMEMBERED (NON anonymous)
}

Hopefully, this will save someone out there from making the same mistake I made. I used this very post as a reference when looking up how to check if someone was logged in or not on Symfony 2.

Source: http://symfony.com/doc/2.3/cookbook/security/remember_me.html#forcing-the-user-to-re-authenticate-before-accessing-certain-resources
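
The two options named in the answer, side by side in one controller. This is an added example, not part of the original answer or the Symfony documentation. It assumes Symfony 2.6 or later (where the `security.authorization_checker` and `security.token_storage` services exist; earlier 2.x versions use `security.context` for both), and the controller, action names and response bodies are hypothetical.

```php
<?php
// Added example: hypothetical controller, assumes Symfony 2.6+.
namespace AppBundle\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;

class AccountController extends Controller
{
    // Ordinary members-only page: a remember-me login is sufficient.
    public function dashboardAction()
    {
        $checker = $this->get('security.authorization_checker');

        // Granted for REMEMBERED and for FULLY; denied for anonymous visitors.
        if (!$checker->isGranted('IS_AUTHENTICATED_REMEMBERED')) {
            throw new AccessDeniedException();
        }

        // Past the check, getUser() is a real user object, not the "anon." string.
        $user = $this->get('security.token_storage')->getToken()->getUser();
        $name = htmlspecialchars($user->getUsername(), ENT_QUOTES, 'UTF-8');

        return new Response('Hello ' . $name);
    }

    // Sensitive action: a remember-me cookie alone must not be enough.
    public function changePasswordAction()
    {
        $checker = $this->get('security.authorization_checker');

        // Denied for anonymous AND remember-me users. Because the token is not
        // fully authenticated, the firewall starts its entry point (the login
        // form) instead of returning a plain 403.
        if (!$checker->isGranted('IS_AUTHENTICATED_FULLY')) {
            throw new AccessDeniedException();
        }

        return new Response('Password change form goes here');
    }
}
```

Reserve the `IS_AUTHENTICATED_FULLY` check for actions where a stolen or shared remember-me cookie would do real damage (password or e-mail changes, payments); using it on every page is what produced the "treated as not logged in" symptom the answer describes.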
